International Service Providers Sue GCHQ For Potentially Hacking Their Networks

from the could-get-interesting dept

A group of seven smaller international ISPs, many of which tend to be used by activists, are now suing GCHQ via the Investigatory Powers Tribunal, for hacking into their networks. The focus of the lawsuit is on the GCHQ's now infamous hacking of Belgian telco Belgacom, via a quantum insert, to get access to a variety of communications. While those revelations don't name any of the service providers filing suit, they note that "the type of surveillance being carried out allows them to challenge the practices in the IPT because they and their users are at threat of being targeted." The seven service providers are:

There may be a big question as to whether or not any of those organizations really have standing if there's no evidence they were actually targeted by GCHQ, but I don't know enough about how the Investigatory Powers Tribunal works when it comes to the question of who has standing to judge at the outset. Either way, the service providers note that GCHQ's activities violate the European convention on human rights:

First, in the course of such an attack, network assets and computers belonging
to the internet and communications service provider are altered without the
provider’s consent. That is in itself unlawful under the Computer Misuse Act
1990 in the absence of some supervening authorisation. Depending on the
nature and extent of the alterations, the attacks may also cause damage
amounting to an unlawful interference with the internet and communications
service provider’s property contrary to Article 1 of the First Protocol (“A1P1”)
to the European Convention on Human Rights (“ECHR”).

Second, the surveillance of the internet and communications service
provider’s employees is an obvious interference with the rights of those
employees under Articles 8 and 10 ECHR, and by extension the provider’s
own Article 10 rights. As Der Spiegel reported in relation to a separate attack
on Mach, a data clearing company, a computer expert working for the
company was heavily targeted: “A complex graph of his digital life depicts the
man’s name in red crosshairs and lists his work computers and those he uses
privately (‘suspected tablet PC’). His Skype username is listed, as are his Gmail
account and his profile on a social networking site. […] In short, GCHQ knew
everything about the man’s digital life.” It is not simply a question of GCHQ
confining its interest to employees’ professional lives. They are interested in
knowing everything about the staff and administrators of computer
networks, so as to be better able to exploit the networks they are charged to
protect.

Third, the exploitation of network infrastructure enables GCHQ to conduct
mass and intrusive surveillance on the customers and users of the internet
and communications service providers’ services in contravention of Articles 8
and 10 ECHR. Network exploitation of internet infrastructure enables GCHQ
to undertake a range of highly invasive mass surveillance activities, including
the application of packet capture (mass scanning of internet
communications); the weakening of encryption capabilities; the observation
and redirection of internet browsing activities; the censoring or modification
of communications en route; and the creation of avenues for targeted
infection of users’ devices. Not only does each of these actions involve serious
interferences with Article 8 ECHR rights, by creating vulnerabilities and
mistrust in internet infrastructure they also chill free expression in
contravention of Article 10 ECHR.

Fourth, the use by GCHQ of internet and communications service providers’
infrastructure to spy on the providers’ users on such an enormous scale
strikes at the heart of the relationship between those users and the provider
itself. The fact that the internet and communications service providers are
essentially deputised by GCHQ to engage in heavily intrusive surveillance of
their own customers threatens to damage or destroy the goodwill in that
relationship, itself an interference with the provider’s rights under A1P1.

Certainly a case worth watching if it can get past the standing issue.

What a bunch of morons. While I'm not a defender of government surveillance, International Service providers are nothing but idiots and morons. Suing GCHQ because of "what might happen" in regards to their spying? You cannot sue someone for something that hasn't happened yet.

The courts need to dismiss this lawsuit as nothing more than frivolous.

Re:

I really, REALLY hope you get your ass put on some terror list and your rights stomped on by the government at every opportunity for something banal that nobody in their right mind could see as doing wrong, just to point out in all clarity to you, what a shortsighted moron you are.

And while were at it, I hope you also get sued for copyright infringement, especially if you haven't done what you are getting sued for, just so that you can have the fun of trying to get your ass out of this situation.

Re:

Re:

Just suppose you are this person:

"As Der Spiegel reported in relation to a separate attack on Mach, a data clearing company, a computer expert working for the company was heavily targeted: “A complex graph of his digital life depicts the man’s name in red crosshairs and lists his work computers and those he uses privately (‘suspected tablet PC’). His Skype username is listed, as are his Gmail account and his profile on a social networking site. […] In short, GCHQ knew everything about the man’s digital life.""

You might make a better case. But would you sue the intelligence agency that directed the surveillance carried out on you? Or would you feel that might make you, your employer, anyone you know, even more of a target?

Standing will be the first hurdle, and one they are very unlikely to get over. I doubt any of them can show actual personal harm.

After that, they would have to show that GCHQ actually did the hack, that the hack was done entirely without the knowledge or help of the ISP or any equipment manufacture, and a whole bunch of other details. It's really not a simple case to make.

As the AC points out as well, do we truly want to be able to sue the government spy agency for doing it's job?

"Anonymous Coward" acting cowardly, huh? You cannot sue someone for something they have not done yet. The courts will realize the true stupidity of this frivolous lawsuit and dismiss it. Without proof of what the GCHQ has done, ISP cannot sue someone for something they haven't done yet.

For example, you cannot sue somebody for defaming you in the future because they haven't defamed you in the past or present. Simply filing a lawsuit against somebody for something they haven't done yet will get laughed out of court so fast it would make your head spin.

For example, you cannot be sued today for downloading the fifth Avengers movie in the future, simply because it hasn't happened yet. For any court to allow anyone to sue another person for conduct that has not even been committed yet would open the floodgates of every judicial system on this planet and it would create massive problems for the courts, no matter what country you are in.

Re:

When did an infamous group of German hackers and cyber-vandals turn into an ISP?

I think this was bad reporting in the original story, based on the other "ISPs" in the list. These groups provide internet services (email etc.), not internet service as "ISP" normally suggests. That said, the CCC does provide internet service during conferences (for a few days each year, the Berliner Congress Centre used to have more bandwidth than Africa).

Re: Re:

When the MEANS it uses to do it's job breach the law and/or constitutional protections, then definitely YES.

Okay, show me the criminal charges brought against them for breaking the law. Oh, they don't exist.

You don't consider perhaps that while distasteful, perhaps the security "holes" are there by intention and agreement by at least two parties (government and equipment maker, example) and as such, may be nothing more than a civil case for failure to disclose by the equipment maker?

It's pretty easy to say "they broke the law", but if they did, where are the criminal (not civil) actions?

They are not above the law, but "the law" must take action to prosecute them criminally if they have in fact broken the law in a provable fashion. Otherwise, they can stand "over there" with the guys from TPB claiming they aren't doing anything wrong.

Re: Re: Re: Re:

Re: Re:

If a Governmental body is abusing its power you don't have to wait till the abuse reaches you to question their behavior in the courts.

Not right at all. You need some example, some specific case, some specific action - and you generally have to be party to it. Making vague "we think they are looking over our shoulders and might have seen something" claims doesn't stand up in court at all. Otherwise, I could say that I think you have been spying on me, that you might have seen something I wrote, so I can sue you for "one meeeeeellion dollars" (apply pinkie finger here).

Oh, that last part is for guys like Rick Falkvinge who don't seem to understand that you can share culture without sending the whole movie to someone.

Re: Re: Re: Re: Re:

Actually no. You've been showing your ignorance for a few articles now. The Apartheid was law but it doesn't make it right. Several things were laws on the Nazi Germany but it did not make them right. On the other hand, the same Nazi Germany had awesome laws against animal cruelty/abuse so there is that. The animal abuse laws were ok and should be followed but the rest wasn't. Just because it's the law it doesn't make it automatically right.

Re: Re: Re:

Not right at all. You need some example, some specific case, some specific action

Yes but even if that action does not affect you you can question it in the courts. See EFF, ACLU etc.

Making vague "we think they are looking over our shoulders and might have seen something" claims doesn't stand up in court at all.

They are not claims, there's factual evidence backing up those "claims".

Oh, that last part is for guys like Rick Falkvinge who don't seem to understand that you can share culture without sending the whole movie to someone.

As always, you miss the entire point. Like the 6 second clips. Those are not the entire movie/match/whatever and they are still taken down. Pirating a full work is just the extreme example. And even then it is right when the copyright holders (notice I'm not talking about the creators) do not make that content available for purchase or the price is at extortion levels.

Re: Re: Re:

Umm, that is sorta the WHOLE POINT of the suit, to determine if what they are doing in this case is legal or not.

Under the way the law/legal systems work in (nominally) free societies, ANYTHING you do IS legal unless/until a law against it is passed and/or the activity is challenged in court to get a ruling on it.

Therefore what GCHQ is doing is, nominally, legal, until it is ruled as illegal. And the way to test if it is illegal is to take it to court and get a ruling. Which is what is being attempted here. If the courts agree that it is legal, then there will be no repurcussions on GCHQ. If, however, the court declares it illegal, then there will (or may be, assuming its not all swept under the rug/pardoned) repurcussions on GCHQ.

And relying on the government, the instigators, hell, the cheerleaders and enablers of this activity, to be the ones to bring it up before the courts in criminal proceedings is not just naive, its f*cking stupid. It's the attitute of someone who believes the phrase "I'm from the government, I'm here to help you." You may care to abdicate yourself from your civil duty of always questioning the government's actions and motivations, of being coddled and accepting the government can do no wrong, but others don't.

Re: Re: Re: Re:

You should probably pay close attention to all of Whatever's posts, as it appears s/he is using the same "legal" loopholes in his/her "defense" arguments as the Federal agency's are using to defend their various illicit surveillance actions.

Rather telling actually. He/She might make a fair crystal ball for future excuses of federal shenanigans.